Request a Demo Contact Us
Bugcrowd Introduces Continuous Attack Surface Penetration Testing
Learn More

Tango incentivizes trusted hackers to secure its incentive programs

Industry

Financial Services

Founding Date

2009

Website

https://www.tangocard.com

# of Employees

250+

Headquarters

Seattle, WA

  • The Situation

    Tango has revolutionized rewards, mostly in the form of gift cards, prepaid cards, or monetary payouts, by simplifying the delivery of secure incentive programs for organizations. While this has led to rapid company growth, it has also increased infrastructure complexity and the number of cloud security threats. As such, Tango’s security team has faced a growing number of new and unpredictable threats. Despite the team’s competency, Tango recognized the need to enhance its capabilities by collaborating with a robust crowdsourced security platform.

  • The Challenge

    Tango’s priority was to secure sensitive transaction data for its clients while continuing to innovate. The company is committed to combating threats, bad actors, and security incidents. Above all, it wanted to uphold and enhance its brand reputation through a proactive approach to risk reduction. However, rapid digital transformation and an expanding attack surface have proven to be significant challenges.

The Bugcrowd Solution

To address these challenges, Tango enlisted the Bugcrowd Platform. Leveraging Managed Bug Bounty, Tango teamed up with ethical hackers to find vulnerabilities in its services that are beyond the reach of automated tools. This collaboration enhanced Tango’s security posture and competitive edge while mitigating potential risks and strengthening customer trust. “Bugcrowd has transformed the way we approach identifying new cybersecurity attack scenarios,” said Tango’s VP of Information Security Monica Bush. “The Bugcrowd platform has enabled us to tap into a diverse pool of talent and has been vital in augmenting our team in identifying and addressing vulnerabilities.”

Bugcrowd allows us to focus on our core business, knowing that our systems are in safe hands.

MONICA BUSH VP of Information Security, Tango

Success Snapshot

  • Strengthened security operations through an extended team of trusted hackers

  • Identified and addressed vulnerabilities, reducing the risk of security incidents

  • Demonstrated a proactive commitment to cybersecurity, boosting customer trust

  • Aided in compliance with internal policies, external laws, regulations, and standards

  • Provided a reporting dashboard and validation process to facilitate audits

  • Increased security awareness among employees

The Outcomes

Managed Bug Bounty helped Tango better secure its customers’ transactions and keep up with the ever-changing threat landscape. By integrating the identification of vulnerabilities into their existing DevSec tools and processes, Tango’s developers could fortify new features against potential threats. “Bugcrowd partnered with us to identify hard-to-find security weaknesses and provide rapid notifications so the team may address corrections asap,” said Monica Bush. “Bugcrowd’s approach to security has allowed us to focus on our core business, knowing that our systems are in safe hands.” Bugcrowd’s reporting and validation processes also significantly contributed to ensuring Tango’s compliance with security audits and regulations

Conclusion

Tango’s collaboration with Bugcrowd exemplifies how the alignment of security strategies with rapid innovation can address complex cybersecurity challenges. This partnership has helped Tango secure its operations, preserve its brand reputation, and prepare for future growth. Tango plans to continue working with Bugcrowd, focusing on scaling its bug bounty program and adapting it to new products, services, and technologies.

Subscribe for updates

Get Started with Bugcrowd

A bug bounty is a monetary reward for security researchers who find legitimate security flaws in software. Payments are allocated for each vulnerability found, depending upon various factors including risk, impact, and exploitability of the vulnerability.